Fix ipadb_multires resource handling

* ipadb_get_pwd_policy() initializes struct ipadb_multires *res to NULL.
* ipadb_multires_free() supports NULL as no-op.
* ipadb_multibase_search() consistently frees and NULLs
  struct ipadb_multires **res on error.

See: https://pagure.io/freeipa/issue/7738
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

daemons/ipa-kdb/ipa_kdb_common.c

@@ -634,10 +634,12 @@ krb5_error_code ipadb_multires_init(LDAP *lcontext, struct ipadb_multires **r)
 
 void ipadb_multires_free(struct ipadb_multires *r)
 {
-    for (int i = 0; i < r->count; i++) {
-        ldap_msgfree(r->res[i]);
+    if (r != NULL) {
+        for (int i = 0; i < r->count; i++) {
+            ldap_msgfree(r->res[i]);
+        }
+        free(r);
     }
-    free(r);
 }
 
 LDAPMessage *ipadb_multires_next_entry(struct ipadb_multires *r)
@@ -670,8 +672,11 @@ krb5_error_code ipadb_multibase_search(struct ipadb_context *ipactx,
     if (ret != 0) return ret;
 
     ret = ipadb_check_connection(ipactx);
-    if (ret != 0)
+    if (ret != 0) {
+        ipadb_multires_free(*res);
+        *res = NULL;
         return ipadb_simple_ldap_to_kerr(ret);
+    }
 
     for (int b = 0; basedns[b]; b++) {
         LDAPMessage *r;

daemons/ipa-kdb/ipa_kdb_pwdpolicy.c

@@ -141,7 +141,7 @@ krb5_error_code ipadb_get_pwd_policy(krb5_context kcontext, char *name,
     char *esc_name = NULL;
     char *src_filter = NULL;
     krb5_error_code kerr;
-    struct ipadb_multires *res;
+    struct ipadb_multires *res = NULL;
     LDAPMessage *lentry;
     osa_policy_ent_t pentry = NULL;
     uint32_t result;